Peter,
This is actually a little more complicatedthan you might expect. The main table you are interested in is DTREEACL whichstores each object and the corresponding permissions that are explicitlyspecified (groups/users who have been added to the object from the permissions page).The complication comes in identifying if one of the groups specified shouldapply to your special group by means of group inheritance.
It's an interesting query, one that Iwould probably break-up into two different queries: the first to get a listingof the correct objects as your pool of available objects For example, youprobably do not want to test permissions on objects that are in someone's PersonalWorkspace, or items in the Categories Volume, etc. You probably only want totest objects that are in the Enterprise Workspace or in Projects that are inthe Enterprise WS. The second query would be to iterate through the groups toidentify if a group specified in the DTREEACL table is a container for thegroup you want to test (i.e. your group is a sub-group of the one on a folder).
I have an old sql statement from a fewLivelink version ago that might serve as a good starting point for query #1. Someof these subtype IDs may be incorrect so you will want to check against yourversion of LL (a list of subtype values and names can be found in the AdminPages help files under the opentext.ini File Reference section):
select distinct d1.name "Parent", d2.name "Object", case d2.subtype when0 then 'Folder' when1 then 'Alias' when2 then 'Generation' when128 then 'Workflow Map' when130 then 'Topic' when131 then 'Category' when133 then 'Categories Volume' when134 then 'Reply' when136 then 'Compound Document' when137 then 'Release Volume' when138 then 'Release' when139 then 'Revision' when140 then 'URL' when141 then 'EnterpriseWorkspace' when142 then 'Personal Workspace' when143 then 'Discussion Volume' when144 then 'Document' when148 then 'System Volume' when150 then 'Livelink' when153 then 'Workflow Step' when154 then 'Workflow Attachments' when161 then 'Workflow Volume' when162 then 'Workflows Edit Volume' when188 then 'Workflow Status' when189 then 'Workflow' when198 then 'Classifications' when201 then 'Project Workspace' when202 then 'Project' when203 then 'Projects' when204 then 'Task List' when206 then 'Task' when207 then 'Channel' when208 then 'News' when209 then 'Channel Volume' when210 then 'Task List Volume' when211 then 'Reports Volume' when215 then 'Discussion' when223 then 'Form' when226 then 'HTML View' when230 then 'Form Template' when231 then 'Submit Version' when257 then 'Livelink Search Engine' when258 then 'Query' when259 then 'EnterpriseExtractor' when260 then 'Proxy' when268 then 'Template Folder' when269 then 'Search Manager' when270 then 'Data Flow' when271 then 'Process' when272 then 'EnterpriseSearch Engine' when275 then 'Slice Folder' when276 then 'Data Source Folder' when277 then 'Directory Walker' when278 then 'Snapshot' when280 then 'Spider' when281 then 'Index Engine' when282 then 'HTML Conversion' when285 then 'XML Activator Producer' when286 then 'XML Activator Consumer' when287 then 'XML Activator Intermediate' when288 then 'XML Activator Filter' when289 then 'XML Activator' when292 then 'System Default Template' when299 then 'LiveReport' when301 then 'Personal Workspace' when302 then 'Projects' when303 then 'News' when304 then 'Reports' when305 then 'Assignments' when306 then 'Favorites' when307 then 'Queries' when308 then 'Snapshots' when309 then 'LiveReports' when335 then 'XML DTD' when336 then 'XML DTD Volume' when384 then 'Prospector' when385 then 'Scanner' when387 then 'Prospector Snapshot' when391 then 'Collector' when392 then 'Collector Folder' when400 then 'Cluster' when401 then 'Installation' when402 then 'Livelink Undelete Workspace' when410 then 'Livelink Physical Object Module' when411 then 'Livelink Physical Object Module' when412 then 'Livelink Physical Object module' when550 then 'Records Management' when552 then 'Hold Maintenance' when553 then 'RSI' when554 then 'Disposition' when556 then 'Table Maintenance' end as "Object Type"from dtreeacl a inner join dtree d1 on a.parentid = d1.dataid inner join dtree d2 on a.dataid = d2.dataidwhere d2.subtype in (0,144,189,202,203,204,208) -- add your list ofobject types to check perms on here and d1.subtype in (0,141,201,202,302) -- only include Folders orprojects in the enterprise workspace and rightid <> (select id from kuaf where name = 'DefaultGroup')-- name of the user or group to test
I will have to think about query #2 toiterate through nested groups. Perhaps someone more enterprising can providesome additional insights…
From: eLinkDiscussion: Livelink LiveReports Discussion[mailto:livereportsdiscussion@elinkkc.opentext.com] Sent: Thursday, June 28, 2007 6:19AMTo: eLink RecipientSubject: Live report which showsme on which objects has User xy no rights.
Live report which shows me on which objects has User xy no rights.
Posted by p_arenspe (Arens, Peter) on 06/28/2007 09:16 AM
Hello, we do have a user group who should have the right to see every object in livelink. But this group should not have systemrights. So we need a report which shows us, on which object this group has no rights. This should work for projects, too. This group must be guest of a project or more. After that we are able to give rights to the still missing objects. Any ideas? Thanks Peter
